Confluence Hack

CVE-2023-22515

exploit.py

Exploit to create a new admin user
Compromised audit log:

As a reverence served: https://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html and https://github.com/Chocapikk/CVE-2023-22515

plugin_shellplug.jar

This plugin provides a web-based shell interface for executing command-line commands on a server
You can install it from the Confluence web admin GUI
Was found on a server that was live in production

ShellServlet.java

Is the decompiled file of plugin_shellplug.jar

Tested on

Confluence Server 8.5.1

Disclaimer

This repository is provided for educational and informational purposes only. Use it responsibly and only on systems that you have permission to test. Unauthorized access to computer systems is illegal and unethical.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
plugin_shellplug/com/jsos/shell		plugin_shellplug/com/jsos/shell
README.md		README.md
audit_log.png		audit_log.png
exploit.py		exploit.py
plugin.png		plugin.png
plugin_shellplug.jar		plugin_shellplug.jar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Confluence Hack

exploit.py

plugin_shellplug.jar

ShellServlet.java

Tested on

Disclaimer

About

Releases

Packages

Languages

AIex-3/confluence-hack

Folders and files

Latest commit

History

Repository files navigation

Confluence Hack

exploit.py

plugin_shellplug.jar

ShellServlet.java

Tested on

Disclaimer

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages